Enterprise Network Campus Design

I wanted to take a break from multicast, as I have been writing about it and studying it a lot lately. Today I want to dive into enterprise network campus design. I also want to mention that in future blogs I might start adding lab examples. Right now my modem is broken and I am without internet, but that should be fixed today. I have been using a hotspot.

One of the most important skills in networking is being able to design a network that is secure, redundant, and purposeful. A campus network is an enterprise network (hundreds to thousands of users) made up of one or more LANs in one or more buildings. A great example of this would be a college or university campus. Usually in this scenario, everything is geographically close and the organization owns everything on the campus. Since we have so many users, we need a lot of switches and a good design to make it all work. One technology that helps with the port limit of a single switch (typically 48 ports) is stacking. By connecting switches with stacking cables, we can turn multiple physical switches into one logical switch.

The campus network architecture has three main layers: the access layer, the distribution layer, and the core layer.

The access layer is where end devices connect: printers, access points, phones, and so on. Most of the time the access layer uses Layer 2 switches, but Layer 3 switches can also be used, which shrinks the spanning-tree (STP) domain. Another important requirement at the access layer is PoE for our APs and phones. QoS is another important consideration here if we are using VoIP, so we can give precedence to voice traffic. Lastly, we need to consider security. We don't want malicious devices connecting at the access layer, so we want to protect things like DHCP, ARP, and Spanning Tree. Features such as DHCP snooping, dynamic ARP inspection, and root guard help us with this. Also, one thing I think is great design for the access layer is having two uplinks instead of one, both for redundancy and for load balancing. You can use EtherChannel to do this.
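Here is what those access-layer protections look like on a single access switch. This is an added example in Cisco IOS syntax, not configuration from the original post; the VLAN IDs, interface names, and rate limit are assumptions, and exact syntax varies by platform.

```cisco
! Global: enable DHCP snooping and dynamic ARP inspection on the user
! VLANs (VLAN IDs 10 and 20 are assumed for this example)
ip dhcp snooping
ip dhcp snooping vlan 10,20
ip arp inspection vlan 10,20
!
! Access ports: end devices only. Ports are untrusted by default, so
! rogue DHCP offers and spoofed ARP replies are dropped here. Root guard
! keeps a superior BPDU on a user port from moving the STP root.
interface range GigabitEthernet1/0/1 - 24
 description End devices (phones, APs, printers)
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
 spanning-tree guard root
 ip dhcp snooping limit rate 15
!
! Uplinks: two physical links bundled into one LACP EtherChannel for
! redundancy and load balancing. The real DHCP server and the default
! gateway sit behind these links, so the bundle is trusted for both
! DHCP snooping and dynamic ARP inspection.
interface range GigabitEthernet1/1/1 - 2
 description Uplinks to distribution switch
 switchport mode trunk
 channel-group 1 mode active
!
interface Port-channel1
 description EtherChannel to distribution
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
```

After applying it, `show ip dhcp snooping`, `show ip arp inspection vlan 10`, and `show etherchannel summary` confirm which ports are trusted and that both uplinks are bundled.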

The distribution layer is what connects the access and core layers together. This is where we aggregate the access layer, and it is also where we typically do routing, because this is where VLANs from the access layer are terminated. One key feature of the distribution layer is that access lists are applied here to filter inter-VLAN traffic. A lot of the time our ISP connections come into the distribution layer as well, because we want the core layer to focus specifically on fast Layer 3 switching. For a while this confused me: why wouldn't the core be where the internet connection comes in? I remember my first time seeing this during a network refresh at a school and being kind of confused, but it makes more sense to do it this way.

Lastly, we have the core layer. The core layer is the backbone of our network, and the core switch's primary job is to switch traffic very fast. We don't really want it to do anything else. It should be able to handle all the traffic from the distribution layer switches. It is very important that our core switch has high bandwidth, throughput, availability, and redundancy. We want multiple links, multiple power supplies, and redundant supervisors. One thing to note about the core layer is that we don't configure any access lists or modify packets in the core; we leave that to the distribution layer. Sometimes a network is too small to justify a separate core layer, in which case we combine the core and distribution layers. This architecture is called the collapsed core architecture.